North Korean Crypto Hackers Now Target Russian Defense Firms – Report

Hack North Korea Russia
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Last updated:
Ad Disclosure
Ad Disclosure

We believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. However, this potential compensation never influences our analysis, opinions, or reviews. Our editorial content is created independently of our marketing partnerships, and our ratings are based solely on our established evaluation criteria. Read More
Author
Tim Alper
Author Categories
About Author

Tim Alper is a British journalist and features writer who has worked at Cryptonews.com since 2018. He has written for media outlets such as the BBC, the Guardian, and Chosun Ilbo. He has also worked...

Last updated:
Why Trust Cryptonews
Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships. Read more

A group of North Korean hackers that have allegedly made a name for themselves by targeting American-based crypto firms appears to have upped its ante – and is now reportedly targeting Russian and other international defense companies.

Source: Adobe/BirgitKorber

Per Kommersant, Anastasia Tikhonova, head of sophisticated threats research at Group-IB, the group, known as Kimsuki (variously Kimsuky), has “taken advantage of the coronavirus pandemic” with spear-phishing attacks conducted via email and social media networks “to obtain confidential information from Russian aerospace and defense companies.”

The same media outlet stated that RT-Inform, the IT security arm of the Russian state-owned tech agency Rostec, “did not confirm or deny” the reports, but did note that there had been an increase in the number of incidents and cyberattacks on the IT networks of the organizations it represented in the period April to September 2020.

Kommersant stated that it believes most of the attacks “were poorly prepared” and “did not pose a significant threat.” But Tikhonova suggested that the hackers may simply be “testing the waters” ahead of “a more serious attack” on Russian firms’ networks.

Tikhonova added that North Korean hackers had also recently launched attacks on a Turkey-based firm, and that it had focused specifically on companies making artillery and armored vehicles based in Russia, Ukraine, Slovakia, Turkey and South Korea.

And an August 2020 UN report alleged that Kimsuki has targeted at least 28 UN officials, including at least 11 senior UN Security Council staff with similar spear-phishing attacks on Gmail accounts.

Earlier this year, Daily NK reported that the Kimsuki-affiliated Lazarus hacking group was stepping up its efforts to hack into crypto exchanges and lift money from crypto wallets as the global economy took a turn for the worse following start of the coronavirus pandemic.

A security expert in South Korea last month told Cryptonews.com that “malicious actors with impeccable Korean language skills are now targeting employees at South Korean financial institutions including crypto exchanges with what look like bona fide job offers.”

Kumsuki, which a number of security experts said targetted a number of American and South Korean crypto firms in the 2018-2019 period, has also been linked to an attack that security firm Ahn Labs said makes use of Microsoft Word documents laced with malicious code – while Lazarus has been using platforms like LinkedIn to spear-phish crypto exchange staff, per an American security firm.
____

Learn more:
North Korea’s Stolen Bitcoin Loot Move Is ‘Just Tip of the Iceberg’
Experts: North Korean ‘Tech Has Scaled Up’ After US Makes Hack Claims
North Korea ‘Used LinkedIn, Telegram’ in USD 7m Crypto Exchange Hack
UN: North Korea Turns Talented Children into Cryptocurrency Hackers

More Articles

Price Analysis
Will Trump’s Tariffs Boost Bitcoin: Down 5% Again
Arslan Butt
Arslan Butt
2025-02-08 14:39:24
Price Analysis
Solana Struggles: Price Down Almost 15% in a Week – Is It Time to Buy?
Arslan Butt
Arslan Butt
2025-02-08 13:22:54
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors